You can hear episode 157 by clicking on the Flash player below, or if your device does not support Flash, you can visit our listening options page for other ways to receive the show. Episode 157 is one hour and 10 minutes long.

Interviews

Dr. Charlie Miller, Principal Analyst for Independent Security Evaluators, offers a preview of his DefCon presentation about cyberwarfare, “Kim Jong-il and Me,” to be given in Las Vegas at the end of the month. (Yes, he’s that Charlie Miller.) Charlie says he really didn’t feel qualified to address the topic of cyberwarfare when he was first asked, but then decided to treat the request as an opportunity to play a game in which he pretended he was approached by a rogue government for the purpose of building a cyberarmy. What would it take? Hear Charlie’s interview about 23 minutes into episode 157.

Retraction

The CyberJungle mistakenly reported that it is not possible to turn off an Apple iPad and iPhone feature that reports the owner’s location to the Big A twice daily. We oversimplified this story and we got it wrong. We have been informed by our favorite Apple connoisseurs that it is possible to turn the feature off. We apologize for the misinformation. We have removed the segment from the podcast, so it won’t be heard again, and we will note in next week’s radio show that we were incorrect.

Our Take on This Week’s News

A consumer survey that measured for the first time customer satisfaction with social media sites reports that — are you sitting down? — people hate Facebook. It scored lower than the airlines and the cable companies, and even lower than the IRS.

A watchdog organization reports that White House Emails Show More Extensive Improper Contact With Google. The National Law and Policy Center posts links to its letter to the House Committee on Oversight and Government Reform, asking for an investigation of the relationship between Google and its former lobbyist who now occupies the top advisory position to president Obama on internet policy. There are also links to some of the emails, which seem to support the conclusion that Deputy Chief Technology Officer Andrew McLaughlin is helping to stack the policy deck in Google’s favor on a number of issues.

Get comfy on the patio with a cold brew and read this great story about a fake infosec chick who persuaded her social networking pals — mostly guys who know secrets related to national security — to forget themselves and reveal a lot of stuff they aren’t supposed to give up. To anyone. The girl — Robin Sage — was named after a military training exercise, which was just one of many clues that “screamed fake,” according to her creator, a security researcher whose ruse has demonstrated something we all knew. Only James Bond can flirt with an exotic hottie and not get burned.

GM suffers theft of hybrid technology worth an estimated $40 million. An insider stole the information using a portable USB drive. The data was allegedly sold to at least one Chinese auto maker, Chery.

Interview Segments:

Interview – Laptop security – it’s part psychology, part technology. Dr. Larry Ponemon from the Ponemon Institute shares his research on laptop theft. The interview is about ten minutes long, and it starts about 54 minutes into the show.

Interview – David Thompson is co-author of Wild West 2.0, a book that explains what’s happening as the wild web matures and becomes civilized. The book takes a historical approach, drawing parallels between the internet and the wild American frontier, and the disruptions to society as “gentrification” occurred — and newbies began to inhabit those spaces.

Event Announcement – Sierra Nevada InfraGard

Get smart about smart phone policy in the workplace:

The InfraGard Sierra Nevada Members Alliance is holding its summer meeting on Thursday, July 15, 2010, on the topic of an urgent workplace hazard: Employee-Owned Smartphones—Accessing Workplace Email and Data. A panel of data security and legal experts will cover the technology, human resource, and legal issues related to smartphones in the workplace.

Our Take on This Week’s News

America is riddled with politically motivated surveillance, or so reports the American Civil Liberties Union. Here’s the ACLU report on police infiltration and monitoring of citizen activity in 33 states and the District of Columbia.

Best Buy tries to fire employee for satire. The employee had worked three years selling mobile phones for Best Buy. But the company didn’t appreciate it when its mobile phone expert created a video poking fun at the irrational appetite for the iPhone. WARNING: Do not listen to this at work without headphones; potty mouth alert!

Voice mail hacking – an example of an app that allows CallerID spoofing. Anyone can get into many voice mail accounts without a password, and can listen to messages, alter settings, or even create a new voice mail greeting.

The government of India has ordered Skype, RIM (Blackberry) and Google to provide a way for its security agencies to intercept messages. Why is this important? Two reasons: 1) we all do business with India in some indirect fashion. Someone you are doing business with is doing business with companies in India. 2) Giving a back door to the Indian government is, in effect, giving it to the world. The companies have 15 days to comply with the order or be banned from doing business in India.

The accused Russian spies had an interesting bag of tricks that included the use of steganography. That’s the art and science of hiding messages in plain sight, by embedding the information in the text of another document, or in a photo or a piece of art. It’s not just a tool for spies. You, too, can use steganography to protect your privacy.
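To make the “hiding in a photo” idea concrete, here is an added illustration (our own example, not something from the show or from the spy case) of the simplest image technique, least-significant-bit (LSB) embedding: each pixel’s lowest bit is overwritten with one bit of the message, which changes the pixel value by at most one shade. The cover “image” is a constructed 8-bit grayscale gradient, not a real photo, and the message-length header format is our own choice.

```python
# Added example: LSB steganography on a raw 8-bit grayscale pixel buffer.
# The cover image below is constructed (a synthetic gradient), not a real photo.

# Constructed 32x32 grayscale cover image, one byte per pixel.
SAMPLE_COVER = bytes((x * 7) % 256 for x in range(1024))

HEADER_BYTES = 4  # our own convention: message length stored in the first 32 pixel LSBs


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover: bytes, message: bytes) -> bytes:
    """Hide `message` in the least-significant bit of each pixel, prefixed with its length."""
    payload = len(message).to_bytes(HEADER_BYTES, "big") + message
    needed = len(payload) * 8
    if needed > len(cover):
        raise ValueError(f"cover too small: need {needed} pixels, have {len(cover)}")
    stego = bytearray(cover)
    for i, bit in enumerate(_bits(payload)):
        stego[i] = (stego[i] & 0xFE) | bit  # clear the LSB, then set it to the message bit
    return bytes(stego)


def _read_bytes(stego: bytes, offset: int, count: int) -> bytes:
    """Reassemble `count` bytes from the LSBs of pixels starting at `offset`."""
    value = 0
    for i in range(count * 8):
        value = (value << 1) | (stego[offset + i] & 1)
    return value.to_bytes(count, "big")


def extract(stego: bytes) -> bytes:
    """Recover the hidden message; refuse headers that point past the end of the image."""
    length = int.from_bytes(_read_bytes(stego, 0, HEADER_BYTES), "big")
    if HEADER_BYTES * 8 + length * 8 > len(stego):
        raise ValueError("length header exceeds image size; not a valid payload")
    return _read_bytes(stego, HEADER_BYTES * 8, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """Largest per-pixel difference introduced by embedding (LSB embedding gives at most 1)."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    secret = b"meet at noon"
    stego_image = embed(SAMPLE_COVER, secret)
    print("recovered:", extract(stego_image))
    print("max pixel change:", max_pixel_change(SAMPLE_COVER, stego_image))
```

Two caveats a practitioner should keep in mind: LSB embedding hides the existence of a message but provides no confidentiality on its own, so the message should be encrypted before it goes in; and sequential LSB changes leave a statistical signature in the pixel-value histogram that steganalysis tools look for, while lossy formats such as JPEG discard the low bits entirely, so the stego image must be saved losslessly (PNG, BMP).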

Interviews:

Your employees will use social media whether you like it or not… and our expert says fully 20 percent of current business communication is done via social media. So why not take control of the situation, and create ground rules and guidelines, so you’re in charge of how it’s used? Our interview with Gartner Research Director Andrew Walls is 8 minutes long and starts about 24 minutes into the show. This is an excerpt. We also posted the entire 25-minute interview on our conference notes page, if you’d like to hear it.

In our interview with Ed Rowley of M86 Security, we discuss a new iPhone scam. The interview starts 61 minutes into the show.

Speaking of phones… congress is holding hearings on cellphone tracking of citizens by government.

Employers are in denial about the sensitive information that lives on the laptops and smart phones of their employees. Listen to our interview with Kevin Beaver of Principle Logic, who found an interesting gap between perception and reality while he was conducting security audits. The interview is just over 4 minutes long, taped at the Gartner conference. Look for it on our conference notes page.

Interviews:

David Perry, Global Director of Education for TrendMicro. David just flew back from the international Anti-Phishing Working Group Conference in São Paulo, Brazil. David became really animated when I asked him for details about a huge cybercrime army in China. David recommends the Counter-Measures Blog by TrendMicro. This conversation is about 9 minutes long, and starts about 21 minutes into the show. For the full 36-minute interview, which was too long and technical to air on the radio, scroll down to Episode 146.

ALSO – Security software entrepreneur Phil Lieberman, President of Lieberman Software, who has been serving as an adviser to members of the U.S. Senate on the cybersecurity bill, sweeping new legislation that could impact every department in the Federal Government, and data security at the state level. That interview begins about 58 minutes into the show.

Tales from the Dark Web:

A 21-year-old cybercriminal parlayed his talent into a Porsche, expensive watches and £30,000 in gold bullion. He’s been arrested.

Our Take on This Week’s News:

The rush to deploy smart meters: Federal stimulus money can get you high, and it makes decision-makers really stupid. The smart meters are among several advanced systems being deployed before they’re really ready, in terms of their vulnerability to cybercrime. BTW — Kudos to CNET’s Elinor Mills, who wrote the article above. Well researched and thorough.

And if you like reporting to big brother about your driving habits, maybe you should move to the UK, where the cops have stored 7.6 billion images of cars moving through the streets. HMP Britain is an interesting blog that’s posted the response to its FOIA request about the use of the data taken from CCTV — a surveillance method ubiquitous in Britain. HMP stands for “Her Majesty’s Prison” and it’s a prefix in the name of the slammer in every jurisdiction. HMP Nottingham, etc…. The name of the website suggests the entire nation is a prison, according to its proprietor.

Goatse Security published a serious security flaw in the Safari browser that affects the iPhone/iPad back in March. Apple has still not patched that flaw, and the code is available on the internet for any attacker to see.

The Disgruntled Employee Chronicles, Chapter 359: How many times does this story have to play out before managers begin to realize that when you fire someone, you have to terminate their user name and password? This former employee was creating havoc inside the hospital’s network after he no longer worked there.

At last! A data breach story with a happy ending! Department of the Interior lost a CD containing personal data for 7500 federal employees… but wait a minute…. The data was encrypted and password protected. And the department reviewed its procedures to make sure it doesn’t happen again. And they disclosed the loss of the disk within 10 days. And then pigs started flying out the windows of the Department of the Interior building. (Just kidding. We salute the Department of the Interior. If only other federal agencies would implement and follow best practices.)

The good folks at EFF offer yet another great privacy and security idea! HTTPS Everywhere. It’s a Firefox plug-in that forces encrypted HTTPS connections to popular search engine and social media sites. It also lets you add rules for sites you visit frequently. Check it out.

Everything Old is New Again. The USB typewriter, for instance. Cute, but can you imagine hauling it onto an airplane?

Episode 146 – su root Edition:

This is our unedited interview with David Perry, Global Director of Education for TrendMicro. We had a long conversation about iPhone security, web application security, and malware attacks. ALSO — David discusses an army of 300,000 Chinese cybercriminals. The interview is 36 minutes long. Click on the Flash player below, or go to our listening options page and browse for other ways to hear the show.

Interviews:

Peter Eckersley of the Electronic Frontier Foundation announces the results of his research project called Panopticlick. Bottom line – 94 percent of computers leave a unique fingerprint on websites. The interview starts about 25 minutes into episode 141. Episode 141 is one hour and 12 minutes long. You can listen by clicking on the Flash player below, or there are other ways of listening to the show on our “listening options” page.
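Here’s an added example (ours, not EFF’s code or data) of how a site can compute a browser fingerprint from a handful of attributes and measure how identifying each attribute is. It uses the standard “bits of identifying information” measure (a value shared by one browser in N carries log2(N) bits), applied to a constructed sample of eight browser configurations; the attribute names and values are made up for illustration. The useful defender takeaway is the per-attribute entropy, which tells you which attributes to make less distinctive.

```python
# Added example: fingerprint a browser from its reported attributes and score
# how identifying each attribute is. All sample data below is constructed.
import hashlib
import math
from collections import Counter

# Constructed sample of eight browser configurations (not Panopticlick data).
SAMPLE_BROWSERS = [
    {"user_agent": "Firefox 3.6 / Windows", "plugins": "Flash 10;Java 6",
     "fonts": "Arial;Verdana;Tahoma", "timezone": "-7", "screen": "1280x800x24"},
    {"user_agent": "Firefox 3.6 / Windows", "plugins": "Flash 10;Java 6",   # identical corporate image
     "fonts": "Arial;Verdana;Tahoma", "timezone": "-7", "screen": "1280x800x24"},
    {"user_agent": "Firefox 3.6 / Windows", "plugins": "Flash 10",
     "fonts": "Arial;Verdana;Tahoma", "timezone": "-7", "screen": "1024x768x24"},
    {"user_agent": "Safari 4 / Mac", "plugins": "QuickTime",
     "fonts": "Helvetica;Geneva", "timezone": "-7", "screen": "1440x900x24"},
    {"user_agent": "IE 8 / Windows", "plugins": "Flash 10;Silverlight 3",
     "fonts": "Arial;Calibri", "timezone": "-5", "screen": "1280x1024x32"},
    {"user_agent": "Chrome 5 / Linux", "plugins": "Flash 10",
     "fonts": "DejaVu Sans;Liberation Sans", "timezone": "-5", "screen": "1680x1050x24"},
    {"user_agent": "Firefox 3.6 / Linux", "plugins": "",
     "fonts": "DejaVu Sans;Liberation Sans", "timezone": "+1", "screen": "1920x1080x24"},
    {"user_agent": "IE 8 / Windows", "plugins": "Flash 10",
     "fonts": "Arial;Calibri", "timezone": "-5", "screen": "1280x1024x32"},
]


def canonical(attrs: dict) -> str:
    """Deterministic serialization so the same configuration always hashes the same way."""
    return "|".join(f"{key}={attrs[key]}" for key in sorted(attrs))


def fingerprint(attrs: dict) -> str:
    """Short hash of the canonical attribute string; the site stores this, not the raw values."""
    return hashlib.sha256(canonical(attrs).encode("utf-8")).hexdigest()[:16]


def unique_fraction(browsers) -> float:
    """Fraction of browsers whose fingerprint is shared with no other browser in the sample."""
    counts = Counter(fingerprint(b) for b in browsers)
    return sum(1 for b in browsers if counts[fingerprint(b)] == 1) / len(browsers)


def attribute_bits(browsers, key: str) -> dict:
    """Bits of identifying information each value of `key` reveals: -log2(share of browsers)."""
    counts = Counter(b[key] for b in browsers)
    total = len(browsers)
    return {value: -math.log2(n / total) for value, n in counts.items()}


def attribute_entropy(browsers, key: str) -> float:
    """Average bits revealed by `key` across the sample; higher means more identifying."""
    counts = Counter(b[key] for b in browsers)
    total = len(browsers)
    return sum(-(n / total) * math.log2(n / total) for n in counts.values())


if __name__ == "__main__":
    print(f"unique fingerprints: {unique_fraction(SAMPLE_BROWSERS):.0%} of browsers")
    for key in sorted(SAMPLE_BROWSERS[0]):
        print(f"{key:>10}: {attribute_entropy(SAMPLE_BROWSERS, key):.2f} bits on average")
```

In this tiny sample the user agent is the most revealing attribute and the time zone the least; on real traffic the installed-plugin and font lists tend to dominate, which is why reducing or normalizing what the browser reports (fewer plugins, a common window size) lowers a user’s distinctiveness more than anything else.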

Our Take on This Week’s News

Zeus-style banking attack perpetrated on a credit union in Salt Lake City. The bad guys apparently penetrated an employee’s desktop computer, and then were able to get into the bank system. $100K disappeared, largely in $5K increments. Credit Union president says the attack got past the company’s Norton… Geez

Remember the Pennsylvania school district that gave its students laptops loaded with tracking software… and then proceeded to collect hundreds of photos of the kids at home, snapped through the laptop lenses… well, it seems the tracking software on the Lower Merion laptops can be easily hacked. A security company did some research on it, and here’s what they found.

Our take on this week’s news:

Co-host Ira Victor is out of town. Lee Rowland from the ACLU of Nevada sits in as guest co-host for a first-hour privacy round-up. Recent issues include:

The Houston Police Department recently held a secret (no media allowed) event where the invited guests contemplated the use of drone aircraft for domestic law enforcement. Nonetheless, one news outlet got wind of it, and stationed its television cameras on the property next door. They caught the launch of the drone on camera. Cops say they aren’t sure how they’ll use the technology, but aren’t ruling out anything. Watch the whole report. It’s about four minutes long.

Not cool enough for a mac? Why the Apple Store refused to sell an iPad to a disabled woman. (She wanted to pay cash. Apple’s iPad policy was credit or debit card only.) And why Apple relented, and delivered the device to her home a few days later. (San Francisco television consumer reporter Michael Finney and his news feature “7 on Your Side” shamed them into it.)

Interview segment

If your company accepts credit cards, listen to our featured interview with Richard Moulds from security firm Thales. He and Ira discuss the upcoming revision of Payment Card Industry standards. (Standards are set by the PCI Security Standards Council). Thales sponsored a survey of PCI auditors, to discover where they believe the weak spots are, and where improvements should be made. The interview is 11 minutes long, and it starts 56 minutes into Episode 135.

Our Take on This Week’s News

FedGov wants to snoop into your financial transactions: As most major news organizations have reported, there are potential privacy hazards for consumers and merchants lurking in the federal financial reform bill. Republicans objected last week to the creation of two agencies that would be empowered to scrutinize purchases made on credit. We’re thankful the subject was raised, but we note that the Republicans very likely were using consumer privacy as a bargaining chip to get other changes in the bill that they consider truly important. Let’s not be lulled into believing that citizen privacy is not a priority for any legislator when there are other issues on the table. Sure enough, this article, published a day and a half later, bears out our assertion. It’s a three-page report indicating that Republican objections had been trounced. In three pages of reporting, not a mention of the privacy concerns, so it’s clear that other matters dominated the discussion, and any concerns over privacy must have evaporated in the backroom discussions.

Computer glitches hamper census: Remember how much money and effort was spent persuading you to return your census form? Now the GAO reports fairly significant problems with the computer system that was specially designed for processing the paper responses. For the moment, they’re reporting major cost overruns — AND — that a lot of the paper responses might not be counted anyway. Why is this in our data security beat? Because information security has three pillars: Confidentiality, Integrity, and Availability. We can rule out data integrity here, because the census data most likely won’t be accurate. Rule out confidentiality, because, as congress has now been informed, stacks of paper responses are piled up in offices waiting to be entered into the system. And we should probably rule out availability too, unless the many agencies making use of census data want to trudge over to the commerce department and analyze it by hand.

You may have seen this by now: Hats off to CBS news for their coverage of the copy machine hard drives left unscrubbed when the machines are discarded by business. Chilling. Few mainstream news organizations are doing good coverage of these issues, and we hope this CBS reporter wins an award for his excellent work.

Did fedgov use drones to track the Times Square bomber? This story has not been reported anywhere else, but the source seems credible. Leaving us to wonder about the Obama administration’s public preference for giving suspected terrorists constitutional rights. A terrorist is either a criminal suspect or a combatant. Not both. If there is a behind-the-scenes use of military signal intelligence to track criminals, then they are not criminals, they are combatants. Or are they? Let’s decide and stick with one course.

Caller Kevin wanted to know how to diagnose mysterious CPU spikes on his system. Is there a security issue here? Ira promised to look up a free utility that can help. Long ago, when The CyberJungle was still the Data Security Podcast, we reported on MimarSinan’s Rubber Ducky System Monitor. Jim Murray, the creator of this utility, talked with us about how he came up with the software after his wife’s computer system came under attack.